General Data Protection Regulations, 2018 (GDPR) and how it affects me.
The Data Protection Act is changing and has been replaced by the General Data Protection Regulations (GDPR). The aim is to ensure that your personal, sometimes sensitive, confidential data is held privately and securely, and is processed in the way that you have agreed to. It exists to protect your rights as a consumer involving your identifiable data, e.g. your name and address and any reason you might have for visiting me. It also covers any session records, text messages or emails between us.
How long will you hold my information for?
As a registered member of the AFSFH and HCPC, I am bound by their regulations regarding the length of time I must hold onto your information. I am also bound by the agreement I have with my insurer (Ballan’s Ltd). I will be obliged to hold your data for 8 years after your final session. The exception to this rule applies to children, for whom I must hold their data until their 25th birthday (unless they are 17 when treatment ends, in which case I must keep it until their 26th birthday). All records will be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.
Can I ask for my information to be deleted before this date?
GDPR allows you to request the deletion of any of your records by making a request in writing to me. Should you request this, all your paper records would be shredded with a cross-shredding machine. Any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. Please note that I would have to save the deletion request you made but would not save any other data.
Can I ask to see my data and, if so, how quickly can I look at it?
You are now able to ask to see any information that is held about you, and to see it within 30 days of asking. You can even ask for a copy of any personal information held by me if you wish. It is possible, however, that my insurance company’s legal team may want to verify information I send out.
Why do I need a record of this information?
To give you the highest quality support I can, I collect information about what you want to achieve by coming for therapy, a small amount of medical information and some information about your important others, alongside session notes. This information allows me to refer to previous discussions and the content of earlier sessions, and to provide intervention and sometimes signposting that is relevant to you. Your contact details / address and GP’s details will only be used with your explicit consent.
How do I know that my information will be held securely?
• Paper session notes – are all stored in locked cabinets.
• Text messages – my work phone is secured with a pass code.
• Emails – my email account requires a user name and password. (Please be aware that I use Gmail.)
Do our discussions during the sessions remain confidential?
Everything we discuss during our sessions remains strictly confidential between you and me. On occasion I may choose to discuss elements of our sessions with my supervisor to ensure I am doing my job effectively. During these discussions I will not disclose any identifying details about you to my supervisor. My supervisor also adheres to the GDPR.
What if I see you away from a therapy session?
I am obligated by GDPR to protect your confidentiality, so for this reason, although I will acknowledge you, I will not initiate conversation unless you are otherwise known to me in a context other than therapy. You are of course able to initiate conversation with me if you so choose, at which point I will be able to respond. I will not be able to discuss details pertaining to your therapy if others are present without your express and written consent. If you wish to discuss your therapy with other people, you are of course welcome to do so, as this naturally is your choice.
Will you discuss me with other Health and Social Care Professionals?
I am only able to contact other health and social care professionals with your written consent. Should I write to your GP, to notify them that you have come to see me for treatment and again at the end of the therapeutic relationship, I would require your signature in line with GDPR requirements. The only exceptions to this would be if I believed that you were about to harm yourself or another, when I would be required to inform the relevant authorities as part of my “Duty of Care”. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.
I use Social Media (Instagram and Facebook) to share information and wellbeing-related stories and posts. I am happy for you to engage with my work-related Social Media Pages. I will not be able to discuss details pertaining to your therapy. Please be aware that this is a public platform and therefore anything that you post will be in the public domain and visible for others to see.